CVE-2026-33790 PUBLISHED

Junos OS: SRX Series: In a NAT64 configuration, receipt of a specific, malformed ICMPv6 packet will cause the srxpfe process to crash and restart.

Assigner: juniper
Reserved: 23.03.2026 Published: 09.04.2026 Updated: 10.04.2026

An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 packet to cause the srxpfe process to crash and restart. Continued receipt and processing of these packets will repeatedly crash the srxpfe process and sustain the Denial of Service (DoS) condition.

During NAT64 translation, receipt of a specific, malformed ICMPv6 packet destined to the device will cause the srxpfe process to crash and restart.

This issue cannot be triggered using IPv4 nor other IPv6 traffic.

This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S10, * all versions of 21.3, * from 21.4 before 21.4R3-S12, * all versions of 22.1, * from 22.2 before 22.2R3-S8, * all versions of 22.4, * from 22.4 before 22.4R3-S9, * from 23.2 before 23.2R2-S6, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S3, * from 24.4 before 24.4R2-S3, * from 25.2 before 25.2R1-S2, 25.2R2.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber
CVSS Score: 8.7

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	High	Availability	Low
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Juniper Networks
Product	Junos OS
Versions	Default: unaffected affected from 0 to 21.2R3-S10 (excl.) affected from 21.4 to 21.4R3-S12 (excl.) affected from 22.2 to 22.2R3-S8 (excl.) affected from 22.4 to 22.4R3-S9 (excl.) affected from 23.2 to 23.2R2-S6 (excl.) affected from 23.4 to 23.4R2-S7 (excl.) affected from 24.2 to 24.2R2-S3 (excl.) affected from 24.4 to 24.4R2-S3 (excl.) affected from 25.2 to 25.2R1-S2, 25.2R2 (excl.) affected from 21.3 to 21.3* (excl.) affected from 22.1 to 22.1* (excl.) affected from 22.3 to 22.3* (excl.)

Affected Configurations

This issue requires a NAT IPv6 to IPv4 (NAT64) configuration to be present. For example:

[ security nat source pool 1 address <IPv4 address> ] [ security nat source rule-set 1 from zone <private-zone> ... ] [ security nat source rule-set 1 to zone <public-zone> ... ] [ security nat source rule-set 1 rule 1 match source-address <IPv6 subnet> ] [ security nat source rule-set 1 rule 1 match destination-address 0.0.0.0/0 ] [ security nat source rule-set 1 rule 1 then source-nat pool 1 ]

[ set security nat static rule-set 1 from zone <pvt-zone> ] [ set security nat static rule-set 1 rule 1 match destination-address <dest IPv6 subnet / 96 > ] [ set security nat static rule-set 1 rule 1 then static-nat inet ]

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Workarounds

There are no known workarounds for this issue.

Solutions

The following software releases have been updated to resolve this specific issue:

Junos OS: 21.2R3-S10, 21.4R3-S12, 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S3, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.

References

https://kb.juniper.net/JSA107874

Problem Types

CWE-754 Improper Check for Unusual or Exceptional Conditions CWE